diff --git a/.gitignore b/.gitignore index 2a7fb10..0ab6b1a 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ dist node_modules npm-debug.log -yarn-error.log \ No newline at end of file +yarn-error.log +aoe_technology_radar.iml diff --git a/radar/2019-11-01/beyondcorp.md b/radar/2019-11-01/beyondcorp.md new file mode 100644 index 0000000..4da10b2 --- /dev/null +++ b/radar/2019-11-01/beyondcorp.md @@ -0,0 +1,12 @@ +--- +title: "BeyondCorp" +ring: trial +quadrant: methods-and-patterns + +--- + +BeyondCorp is a Zero Trust framework that evolved at Google. +With the surge of cloud technologies and micro services the network perimeter is ever disappearing. +This provides challenges for authentication of subjects that used to heavily rely on network segments. +With Zero Trust no assumption is made about how far something can be trusted, everything is untrusted by default and authentication and authorisation happens all the time, not just once. +While network segments and VPN connections may still have relevance in specific areas AOE is increasingly implementing BeyondCorp in all its components and services with implementing OAuth and OpenID Connect. diff --git a/radar/2019-11-01/falco.md b/radar/2019-11-01/falco.md new file mode 100644 index 0000000..5bd55c7 --- /dev/null +++ b/radar/2019-11-01/falco.md @@ -0,0 +1,11 @@ +--- +title: "Falco" +ring: assess +quadrant: tools + +--- + +Falco is an open source project for intrusion and abnormality detection for Cloud Native platforms such as Kubernetes. +It detects abnormal application behavior and sends alerts via Slack, Fluentd, NATS, and more. + +We are assessing Falco to add another angle to host based intrusion detection and alerting. \ No newline at end of file diff --git a/radar/2019-11-01/sonarqube.md b/radar/2019-11-01/sonarqube.md index 35e9642..85adb74 100644 --- a/radar/2019-11-01/sonarqube.md +++ b/radar/2019-11-01/sonarqube.md 
@@ -4,3 +4,6 @@ ring: trial quadrant: tools --- + +At AOE, we are using SonarQube to get a historical overview of the code quality in our Projects. With SonarQube, you can get a quick insight into the condition of your code. It analyzes many languages and provides numerous static analysis rules. +SonarQube is also being used for Static Application Security Testing (SAST) which scans our code for potential security vulnerabilities and is an essential element of our Secure Software Development Lifecycle. \ No newline at end of file diff --git a/radar/2019-11-01/stride-threat-modeling.md b/radar/2019-11-01/stride-threat-modeling.md new file mode 100644 index 0000000..cfb1f64 --- /dev/null +++ b/radar/2019-11-01/stride-threat-modeling.md @@ -0,0 +1,19 @@ +--- +title: "STRIDE Threat Modeling" +ring: trial +quadrant: methods-and-patterns + +--- + +STRIDE is a model of threat groups that helps to identify security threats to any application, component or infrastructure. + +The acronym stands for: + +* Spoofing +* Tampering +* Repudiation +* Information disclosure +* Denial of service +* Elevation of privilege + +AOE is applying the threat model in collaborative sessions using the [Elevation of Privilege Card Game](https://social.technet.microsoft.com/wiki/contents/articles/285.elevation-of-privilege-the-game.aspx) which helps to spark imagination and makes threats more tangible.
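Review bot: In the `.gitignore` hunk, the new entry `aoe_technology_radar.iml` ignores only one IDE module file, named after one particular checkout directory. A contributor who clones into a differently named directory will get an unignored `.iml` file. Suggest the pattern `*.iml` instead, or leave IDE files to each developer's global gitignore. Adding the missing trailing newline after `yarn-error.log` is good.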
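Review bot: In `radar/2019-11-01/beyondcorp.md`, the last added line reads as if adopting OAuth and OpenID Connect were the same thing as implementing BeyondCorp ("implementing BeyondCorp in all its components and services with implementing OAuth and OpenID Connect"). Those protocols cover user authentication and delegated authorisation, while the entry itself says that in Zero Trust "everything is untrusted by default". Suggest rewording to "by using OAuth and OpenID Connect for authentication and authorisation" and stating which parts of the model are in place. Style: "micro services" should be "microservices", the sentence starting "With Zero Trust no assumption is made" is a comma splice, and the blank line before the closing `---` of the front matter can go.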
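Review bot: In `radar/2019-11-01/falco.md`, the first body line places Falco on "Cloud Native platforms such as Kubernetes", but the closing line calls it "host based intrusion detection". The entry never says what Falco actually observes, so a reader cannot tell how it differs from the host IDS it is meant to complement. Suggest one sentence on the signal source and what "abnormal application behavior" means here. Also, the file ends with "\ No newline at end of file", which the same patch fixes for `.gitignore`. Please add the trailing newline and hyphenate "host-based".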
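Review bot: In `radar/2019-11-01/sonarqube.md`, the added SAST sentence calls the scan "an essential element of our Secure Software Development Lifecycle" but does not say what happens with a finding. Does it fail the build, block a merge, or only appear in the dashboard? One clause on that would make the claim checkable. Style: "Projects" should be lower case, and the file ends with "\ No newline at end of file", so please add the trailing newline.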
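Review bot: In `radar/2019-11-01/stride-threat-modeling.md`, the bullet list only expands the acronym, so a reader unfamiliar with terms such as "Repudiation" gets no help applying it. Suggest a short gloss per bullet naming the security property each threat violates, for example "Spoofing (authentication)" and "Tampering (integrity)". The Elevation of Privilege link in the last line points to a `social.technet.microsoft.com` wiki article. Please check that this is the most stable source for the card game before merging.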